The Locksmith Journal May/Jun 2018 - Issue 56 - Page 14

14 • INDUSTRYNEWS PROUD SPONSORS OF THIS PAGE 5 GDPR KEY ACTION POINTS FOR LOCKSMITHS » » IF YOU DEAL WITH CUSTOMERS, NO matter how small your business is, you will soon need to comply with, the General Data Protection Regulation (GDPR) regarding collection, storage and usage of personal information. This applies to e-mails, addresses, names and telephone numbers. There will be penalties for not following the GDPR guidelines. Insolvency will be a real risk for non- compliant businesses due to fines. Individuals can also sue you, if they suffer because of your data management. This could be for material damage or non- material suffering, such as distress. It might sound scary and like a burden, but in general following GDPR rules can show to your potential and existing customers that as a locksmith you are keen to respect the rights of personal information. No one likes having their data misused, lost or stolen and doing everything you can to protect your customers and grow their trust is always a positive. WHAT IS GDPR? GDPR is built around two key principles. 1. Giving citizens and residents more control of their personal data. 2. Simplifying regulations for international businesses with a unifying regulation across the EU. START DATE GDPR will be effective from 25/05/18. GDPR CHECKLIST FOR LOCKSMITHS 1. Customer data. You need to collect personal data (e.g. name, address, email, bank details and etc.) and ensure that customers give you consent to process the data if you will be using this data for any marketing activities. The consent needs to be clear, specific and explicit. Your consent statement should describe: • Why you’re processing their personal data (the purpose), including the legal basis you have, such as consent (check the ICO’s privacy notices page for more information) • The categories of recipients you may be sending the personal data to (customer, employee, supplier, etc.) • Use a positive opt-in (don’t rely on pre-ticked boxes or default options) • Explicit consent means a very clear, specific statement of consent • Keep your consent requests separate from other terms and conditions • Make it easy for people to withdraw consent (and tell them how) • Keep evidence of the consent (who, when, how and what you’ve told people) For example, your customer will need to sign a form which states: “{your Company name} will use the information you provide on this form to get in touch with you and to call, e-mail and send direct mail with marketing updates. Please let us know all the ways you would like to hear from us: {check box} Phone {check box} Email {check box} Direct Mail You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at {add your e-mail}. We will treat your information with respect. For more information about our privacy practices please visit our website. By signing below, you agree that we may process your information in accordance with these terms. {Place for signature} 2. Internal security measures and training. You’ll need to have an internal document which clearly explains to all employees (if you LOCKSMITHJOURNAL.CO.UK | MAY/JUN 2018 Sponsored by Insafe | | have any) how you will need to collect, process and store the data. Ensure that your employees understand what constitutes a personal data breach and build processes to fix it. 3. If a customer requests to delete/ amend data. Under GDPR each request from the customer has a timeframe and deadline of one month, from the original date of request. 4. Your website. If you use cookies on your website or have a newsletter subscription form, you need to make sure that you amend the wording of both. 5. Your e-mail database. If you have a database of e-mail addresses, make sure that you have a clear recorded consent from each subscriber. If you don’t have a sufficient consent, you will not be able to send them mass e-mails after 25th of May 2018. And bear in mind, that consent can no longer be hidden in small print but must be presented clearly – so no more pre-marked boxes. HELPFUL LINKS The website and checklist above are great resource for small businesses looking to step in-line with the GDPR. ICO resource centre (small organisations and the GDPR). organisations/business/ ICO 12-step checklist preparing-for-the-gdpr-12-steps.pdf